Patents Assigned to Zettaset, Inc.
  • Patent number: 9363247
    Abstract: A computer system and method for securing files in a file system equipped with storage resources that are accessible to an authenticable user operating with an untrusted client device under the semi-trusted client threat model. The file to be secured is stored in one or more blocks belonging to the storage resources along with symmetric per-block key(s) KBi assigned to each of the blocks in the file. The blocks are encrypted with the symmetric per-block keys to obtain encrypted blocks. The user is assigned user key(s) and each per-block key that was used for encryption is in turn encrypted with one of the user's keys to derive wrapped key(s) for each encrypted block. Wrapped key(s) are placed in encrypted block headers and introduce a level of indirection to encrypted file(s) that is appropriate for the semi-trusted client threat model.
    Type: Grant
    Filed: April 4, 2014
    Date of Patent: June 7, 2016
    Assignee: ZETTASET, INC.
    Inventor: Eric A. Murray
  • Patent number: 9313023
    Abstract: A format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. Further, the encryption algorithm can encrypt the input plaintext data while preserving its original format and length and a corresponding decryption algorithm. The cipher advantageously embodies the encryption and decryption of multi-byte values or strings of data, thus fitting a variety of industrial needs.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: April 12, 2016
    Assignee: ZETTASET, Inc.
    Inventor: Eric A. Murray
  • Publication number: 20150288664
    Abstract: A computer system and method for securing files in a file system equipped with storage resources that are accessible to an authenticable user operating with an untrusted client device under the semi-trusted client threat model. The file to be secured is stored in one or more blocks belonging to the storage resources along with symmetric per-block key(s) KBi assigned to each of the blocks in the file. The blocks are encrypted with the symmetric per-block keys to obtain encrypted blocks. The user is assigned user key(s) and each per-block key that was used for encryption is in turn encrypted with one of the user's keys to derive wrapped key(s) for each encrypted block. Wrapped key(s) are placed in encrypted block headers and introduce a level of indirection to encrypted file(s) that is appropriate for the semi-trusted client threat model.
    Type: Application
    Filed: April 4, 2014
    Publication date: October 8, 2015
    Applicant: Zettaset, Inc.
    Inventor: Eric A. Murray
  • Patent number: 9141814
    Abstract: Computer systems and methods ensuring high availability of cryptographic keys using a shared file system. The keys are encrypted with at least one shareable master key to generate corresponding encrypted cryptographic keys, which are stored in a key database in the shared file system. A master key manager with access to the key database is elected from among master key manager candidates and is assigned a common virtual address. All master key manager candidates have the shareable master key such that during a failover event the availability of the encrypted cryptographic keys is not interrupted as a new master key manager takes over the common virtual address from the previous master key manager. Additionally, a message authentication code (MAC) is deployed for testing the integrity of keys during their retrieval.
    Type: Grant
    Filed: June 3, 2014
    Date of Patent: September 22, 2015
    Assignee: ZETTASET, Inc.
    Inventor: Eric A. Murray
  • Patent number: 9130920
    Abstract: A network security layer with a role mapping component with a current role mapping between services and access permissions is provided between a user and the services. A multi-tenancy module with current membership mapping is also provided. The security layer has a network authentication protocol for user authentication at log-in. Snapshots of a baseline role mapping between services and permissions are taken at certain times. The role mapping component verifies snapshots at set intervals, and when the user performs certain actions, the current role mapping is compared with the baseline role mapping. Upon discrepancy, the role mapping component executes a set of rules, including forceful log-out to prevent system intrusion. Comparison of current membership mapping with a baseline membership mapping can also be applied. The security layer can thus monitor authorization-exceeding modifications to baseline policies attempted by logged-in and initially authorized users.
    Type: Grant
    Filed: January 7, 2013
    Date of Patent: September 8, 2015
    Assignee: ZETTASET, Inc.
    Inventor: Konstantin I. Pelykh
  • Patent number: 9063939
    Abstract: A high availability cluster and method of storage medium management in such high availability cluster. A number k of nodes belonging to the cluster, where k≥2 and includes a master node, are provisioned with high-access-rate and low-access-rate storage media. A file is written to the high-access-rate medium of a serving node selected from among k-1 nodes excluding the master node. The file is also written to low-access-rate medium of each of k-2 nodes excluding the master node and the serving node. A distributed storage medium management protocol supervises file migration from the low-access-rate medium of a back-up node to the high-access-rate medium of the back-up node upon disruption of file availability on the serving node. File rebalancing relies on parameters including popularity, write- and read-requests, capacity, processing load or cost.
    Type: Grant
    Filed: November 3, 2011
    Date of Patent: June 23, 2015
    Assignee: ZETTASET, INC.
    Inventor: Michael W. Dalton
  • Publication number: 20140196115
    Abstract: A network security layer with a role mapping component with a current role mapping between services and access permissions is provided between a user and the services. A multi-tenancy module with current membership mapping is also provided. The security layer has a network authentication protocol for user authentication at log-in. Snapshots of a baseline role mapping between services and permissions are taken at certain times. The role mapping component verifies snapshots at set intervals, and when the user performs certain actions, the current role mapping is compared with the baseline role mapping. Upon discrepancy, the role mapping component executes a set of rules, including forceful log-out to prevent system intrusion. Comparison of current membership mapping with a baseline membership mapping can also be applied. The security layer can thus monitor authorization-exceeding modifications to baseline policies attempted by logged-in and initially authorized users.
    Type: Application
    Filed: January 7, 2013
    Publication date: July 10, 2014
    Applicant: Zettaset, Inc.
    Inventor: Konstantin I. Pelykh
  • Publication number: 20140188794
    Abstract: Method and high availability clusters that support synchronous state replication to provide for failover between nodes, and more precisely, between the master candidate machines at the corresponding nodes. There are at least two master candidates (m=2) in the high availability cluster and the election of the current master is performed by a quorum-based majority vote among quorum machines, whose number n is at least three and odd (n≥3 and n is odd). The current master is issued a current time-limited lease to be measured off by the current master's local clock. In setting the duration or period of the lease, a relative clock skew is used to bound the duration to an upper bound, thus ensuring resistance to split brain situations during failover events.
    Type: Application
    Filed: November 12, 2013
    Publication date: July 3, 2014
    Applicant: Zettaset, Inc.
    Inventor: Michael W. Dalton
  • Patent number: 8595546
    Abstract: Method and high availability clusters that support synchronous state replication to provide for failover between nodes, and more precisely, between the master candidate machines at the corresponding nodes. There are at least two master candidates (m=2) in the high availability cluster and the election of the current master is performed by a quorum-based majority vote among quorum machines, whose number n is at least three and odd (n≥3 and n is odd). The current master is issued a current time-limited lease to be measured off by the current master's local clock. In setting the duration or period of the lease, a relative clock skew is used to bound the duration to an upper bound, thus ensuring resistance to split brain situations during failover events.
    Type: Grant
    Filed: October 28, 2011
    Date of Patent: November 26, 2013
    Assignee: Zettaset, Inc.
    Inventor: Michael W. Dalton